Hacking has been all over the news lately. In the past week or so, major global corporations Apple, Burger King and Jeep, as well as customer service technology vendor Zendesk, have all been hacked -- to say nothing of apparent intrusions into systems governing the country’s infrastructure by the Chinese military.
Let’s take a look at exactly what has been happening in the world of high-profile hacking in recent days, starting with Apple.
Apple - Lights Out for Java?
Apple employees visiting a site for iPhone developers that was apparently infected with Java-based malware that also caused a cybersecurity breach at Facebook in January had their corporate Macs hacked. As reported by Computerworld, Apple resolved the situation by issuing a Java for OS X 2013-001 1.0 update.
However, Computerworld says many experts are urging users of any platform (and this specific malware reportedly targeted Macs) to simply “shut off Java.” Java is said to pose unique risks as a cross-platform application and Cisco has estimated 80 percent of cyberattacks exploit Java vulnerabilities, with online ads being a major culprit. Apple’s latest Java update actually disables the Java SE 6 applet plug-in, which Computerworld says is tantamount to Apple abandoning Java.
Burger King, Jeep Discover the Dark Side of Social
While brands are exhorted to “be social” and maintain an active presence on leading consumer social networks such as Twitter, this week Burger King there is a dark side to social branding.
An Econsultancy blog post reports that hackers who were possibly (but as of yet not publicly confirmed to be) affiliated with the global hacker organization Anonymous broke into Burger King’s Twitter account, changed the name and image to that of chief Burger King rival McDonald’s, and spent an hour sending out images and comments hurtful to the fast food chain’s brand.
Econsultancy essentially gives Burger King a pass as far as allowing this to actually occur, since groups such as Anonymous are capable of defeating the cyber security efforts of world governments, but rebukes the company for only sending out a single tweet obliquely referring to an “interesting day” once the hack was fixed and planning to apologize publicly on Facebook, rather than Twitter.
The post also advises Twitter to take additional steps, such as two-step authentication, to protect corporate clients and reminds companies to use basic anti-hacking precautions such as constantly monitoring social media accounts, using passwords that cannot easily be guessed, avoiding third-party apps and limiting authorized access.
Jeep was victimized by a similar Twitter hack a couple of days before the Burger King hack, with its page switched to promote Cadillac and a series of tweets confessing to purported drug use by Jeep executives and containing racial epithets being sent out. CNBC reports that Cadillac quickly denied any involvement and Jeep quickly regained control of the account.
Speculation for this hack has also focused on Anonymous as well as the hack group LulzSec, but Gizmodo reports that a New England DJ with a juvenile history of sophisticated hacking may actually be to blame.
Zendesk Support Info Hacked
In a less high-profile but still significant case, customer support technology vendor Zendesk publicly announced on its site yesterday that earlier this week, a hacker gained access to its system and downloaded support information of three customers.
Zendesk has since patched the vulnerability and ended the hacker’s access, but the company believes customer email addresses and support email subject lines were stolen and is helping the customers respond. This attack is a reminder that hackers do not limit themselves to major public attacks on multibillion dollar global enterprises.
A New Form of Warfare?
More troubling than any individual hacking attempt, even by organized crime or hacker groups, is the rising threat of unfriendly governments using hacking as a means of espionage or even warfare.
Reporting on a recent highly publicized study from computer security firm Mandiant, the New York Times says a secretive group within the People’s Liberation Army of China has been engaging in widespread hacking of “companies involved in the critical infrastructure of the United States -- its electrical power grid, gas lines and waterworks.”
The Chinese Army has also reportedly hacked into the systems of defense contractors, US government agencies and major corporations such as Coca-Cola (there is also speculation the Chinese military was tied to the Apple attack, although Apple has not publicly commented).
As devastating as personal data/identity theft, brand damage and other consequences of corporate hacking can be, these results pale in comparison with the troubling consequences of a totalitarian nation potentially gaining the ability to shut down the US power grid or seriously disrupt the oil supply. The world is online and there is no feasible way to bring it back offline, but the people responsible for maintaining online security need to realize there is more at stake than a restaurant chain suffering some short-term embarrassment.